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AMENDMENTS TO THE CLAIMS 

The following listing of claims replaces all prior versions of the claims in the 
Application. With reference to the listing it is noted that, herewith, claims 26, 27, 30-46, 69, 70, 
73-86, 109, 1 10, and 1 13-1 19 are canceled without prejudice or disclaimer, and claims 47, 87, 
and 120 are amended. No new matter has been added. 

Listing of Claims 

1 . (Original) A method of protecting content comprising: 

receiving content at a device; 

encrypting the content with a content key; 

encrypting the content key with a domain key; and 

storing the encrypted content key and the encrypted content. 

2. (Original) A method of protecting content comprising: 

receiving content at a device; 
encrypting the content with a content key; 
encrypting the content key with a domain key; and 
storing a voucher associated with the content; 

wherein the voucher includes the encrypted content key and a usage state 

record. 

3. (Original) The method according to claim 2 wherein the voucher also contains a 

domain traversal flag. 
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4. (Original) The method according to claim 2 wherein the content is encrypted before 

the content is received at the device. 

5. (Original) A method of protecting content comprising: 

receiving content at a device; 

receiving a usage state record associated with the content; 
receiving a domain traversal flag associated with the content; 
encrypting the content with a content key; 

encrypting the content key with a device key if the usage state record indicates 
that usage is not unrestricted; 

encrypting the content key with a domain key if the domain traversal flag 
indicates that domain traversal is forbidden; and 
storing a voucher associated with the content: 

wherein the voucher contains the encrypted content key, the usage state 

record, and the domain traversal flag. 

6. (Original) The method according to claim 5 further comprising: 

protecting at least part of the voucher using at least one of the following: 
a cryptographic hashing function; or 
a digital signature. 

7. (Original) A method of moving protected content within an authorized domain 
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comprising: 

transmitting encrypted content and a voucher associated with said encrypted 
content from a first device in the authorized domain to a second device in the 
authorized domain; 

the voucher including an encrypted content key and a usage state record; 

at the first device rendering any vouchers associated with said encrypted content 

unusable. 

8. (Original) The method of claim 7 further comprising: 

encrypting the entire voucher. 

9. (Original) The method of claim 7 further comprising: 

receiving said encrypted content and the voucher associated with that content in a 
second device in the authorized domain. 

10. (Original) The method of claim 9 comprising: 

decrypting the encrypted content key at the second device; and 
using the decrypted content key to decrypt the encrypted content. 

11. (Original) A method for moving protected content from a first device in one 
authorized domain to a target device in a different authorized domain comprising: 

checking a voucher associated with a piece of content; 

the voucher including an encrypted content key, a usage state record and a domain 
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traversal flag; 

if the usage state record allows moving, 

decrypting the encrypted content key with a device key; and 
encrypting the decrypted content key with the public key of the target 
device; 

replacing the original encrypted content key with the re-encrypted content 
key in the voucher; 

transmitting encrypted content and the amended voucher to the target 
device; and 

at the first device rendering any vouchers associated with the content 
unusable. 

12. (Original) The method of claim 1 1 where the device key used to decrypt the 
encrypted content key is a private key of the first device. 

13. (Original) The method of claim 1 1 further comprising: 

decrypting the voucher received at the target device using a private key associated 
with the target device's public key; 

decrypting the encrypted content using the decrypted content key from the 
voucher. 

14. (Original) A method of copying protected content within an authorized domain to a 
target device within said authorized domain comprising: 
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at a first device within the authorized domain, checking a usage state record 
contained in a voucher associated with a piece of encrypted content; 
the voucher including a usage state record, and an encrypted content key; 
if the usage state record is not unrestricted and allows copying: 

decrypting the encrypted content key with a device key; 

re-encrypting the decrypted content key with a public key of the target 

device; 

updating the usage state record ; and 

storing the re-encrypted content key and the updated usage state record in 
a re-targeted voucher; and 
sending the encrypted content and the re-targeted voucher to the target device. 

15. (Original) The method of claim 14 where the device key used to decrypt the 
encrypted content key is a private key of the first device. 

16. (Original) The method of claim 14 further comprising: 

receiving the encrypted content and re-targeted voucher at the target device; 
decrypting the re-encrypted content key using a domain key; 
decrypting the encrypted content with the content key. 

17. (Original) The method of claim 16 further comprising: 

decrypting the re-encrypted content key with a private key of the target device. 
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18. (Original) The method of claim 14 wherein the usage state record contains a budget 
of allowed copies and further comprising reducing the budget of allowed copies. 

1 9. (Original) A method for copying protected content from a device in a first authorized 
domain to a target device in a second authorized domain comprising: 

in a first device within the first authorized domain, checking a usage state record 
contained in a voucher associated with a piece of encrypted content, wherein the 
voucher also includes an encrypted content key; 

if the usage state record or a domain traversal flag in said voucher indicates that 
inter-domain copying is allowed, 

decrypting the encrypted content key with a device key; 

re-encrypting the decrypted content key with a public key from the target 

device; 

updating the usage state; 

storing the updated usage state and the re-encrypted content key in a re- 
targeted voucher; and 

transmitting encrypted content and the re-targeted voucher to the target 
device. 

20. (Original) The method of claim 19 where the device key used to decrypt the 
encrypted content key is a private key of the first device. 

21. (Original) The method of claim 19 further comprising: 
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protecting at least part of the re-targeted voucher using at least one of the 
following: 

a cryptographic hashing function; or 

a digital signature. 

22. (Original) The method of claim 19 wherein the usage state record contains a budget 
of allowed copies and further comprising: 

reducing the budget of allowed copies. 

23. (Original) A method of identifying protected content while maintaining backwards 
compatibility comprising: 

receiving content; 

checking if content is watermarked; 

encrypting the content with a content key if the content is watermarked. 



24. (Original) The method of claim 23 further comprising: 

receiving usage information and an associated content ID; 

checking the watermark to see if a content ID contained therein matches the 

content ID associated with the usage information; 

treating the content as completely restricted if content ID associated with the 
usage information does not match the content ID contained in the watermark. 



25. (Original) The method of claim 24 wherein the usage information includes a usage 
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state record and a domain traversal flag. 
Claims 26-27 (Canceled) 

28. (Original) A method of using protected content comprising: 

decrypting an encrypted content key with a domain key; 

decrypting an associated piece of content with the decrypted content key; and 

rendering the decrypted content. 

29. (Original) The method of claim 28 further comprising: 

decrypting the encrypted content key with a private key. 

Claims 30-46 (Canceled) 

47. (Currently Amended) A method of checking the integrity of a voucher comprising: 

receiving the voucher at a first device from a second device; 
computing a cryptographic hashing function over at least part of the voucher; 
decrypting an encrypted hash value stored in the voucher with a public key of the 
second device; 

comparing the computed hash value with the stored hash value,, 

wherein the voucher contains a usage state record and a domain traversal flag . 

48. (Original) The method of claim 47 where if the computed hash value does not equal 
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the stored hash value, indicating that the voucher has been tampered with. 

49. (Original) The method of claim 47 where the act of indicating the voucher has been 
tampered with includes making the content unusable. 

50. (Original) An article manufacture comprising: 

a computer readable medium comprising instructions for: 
receiving content at a device; 
encrypting the content with a content key; 
encrypting the content key with a domain key; and 
storing the encrypted content key and the encrypted content. 

5 1 . (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 
receiving content at a device; 
encrypting the content with a content key; 
encrypting the content key with a domain key; and 
storing a voucher associated with the content; 

wherein the voucher includes the encrypted content key and a usage state 

record. 

52. (Original) The article of manufacture of claim 51 wherein the voucher also contains a 
domain traversal flag. 
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53. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 
receiving content at a device; 

receiving a usage state record associated with the content; 
receiving a domain traversal flag associated with the content; 
encrypting the content with a content key; 

encrypting the content key with a device key if the usage state record indicates 
that usage is not unrestricted; 

encrypting the content key with a domain key if the domain traversal flag 
indicates that domain traversal is forbidden; and 
storing a voucher associated with the content: 

wherein the voucher contains the encrypted content key, the usage state 

record, and the domain traversal flag. 

54. (Original) The computer readable medium of claim 53 further comprising instructions 
for: 

protecting at least part of the voucher using at least one of the following: 
a cryptographic hashing function; or 
a digital signature. 

55. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 
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transmitting encrypted content and a voucher associated with said encrypted 
content from a first device in an authorized domain to a second device in the 
authorized domain; 

the voucher including an encrypted content key and a usage state record; 

at the first device rendering any vouchers associated with said encrypted content 

unusable. 

56. (Original) The computer readable medium of claim 55 further comprising instructions 
for: 

encrypting the entire voucher. 



57. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 

on a first device checking a voucher associated with a piece of content; 

the voucher including an encrypted content key, a usage state record and a domain 

traversal flag; 

if the usage state record allows moving, 

decrypting the encrypted content key with a device key; and 
encrypting the decrypted content key with the public key of a target 
device; 

replacing the original encrypted content key with the re-encrypted content 
key in the voucher; 

transmitting encrypted content and the amended voucher to the target 
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device; and 

rendering any remaining vouchers associated with the content 
unusable. 

58. (Original) The article of manufacture of claim 57 where the device key used to 
decrypt the encrypted content key is a private key of the first device. 

59. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 

checking a usage state record contained in a voucher associated with a piece of 
encrypted content; 

the voucher including a usage state record, and an encrypted content key; 
if the usage state record is not unrestricted and allows copying: 

decrypting the encrypted content key with a device key; 

re-encrypting the decrypted content key with a public key of a target 

device; 

updating the usage state record ; and 

storing the re-encrypted content key and the updated usage state record in 
a re-targeted voucher; and 
sending the encrypted content and the re-targeted voucher to the target device. 

60. (Original) The article of manufacture of claim 59 where the device key used to 
decrypt the encrypted content key is a private key of the first device. 
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61. (Original) The article of manufacture of claim 59 wherein the usage state record 
contains a budget of allowed copies and further comprising reducing the budget of 
allowed copies. 

62. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 

checking a usage state record contained in a voucher associated with a piece of 
encrypted content, wherein the voucher also includes an encrypted content key; 
if the usage state record or a domain traversal flag in said voucher indicates that 
inter-domain copying is allowed, 

decrypting the encrypted content key with a device key; 

re-encrypting the decrypted content key with a public key from a target 

device; 

updating the usage state; 

storing the updated usage state and the re-encrypted content key in a re- 
targeted voucher; and 

transmitting encrypted content and the re-targeted voucher to the target 
device. 

63. (Original) The article of manufacture of claim 62 where the device key used to 
decrypt the encrypted content key is a private key of the first device. 
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64. (Original) The computer readable medium of claim 62 further comprising instructions 
for: 

protecting at least part of the re-targeted voucher using at least one of the 
following: 

a cryptographic hashing function; or 

a digital signature. 

65. (Original) The article of manufacture of claim 62 wherein the usage state record 
contains a budget of allowed copies and the computer readable medium further 
comprising instructions for: 

reducing the budget of allowed copies. 

66. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 
receiving content; 

checking if content is watermarked; 

encrypting the content with a content key if the content is watermarked. 

67. (Original) The computer readable medium of claim 66 further comprising instructions 
for: 

receiving usage information and an associated content ID; 

checking the watermark to see if a content ID contained therein matches the 

content ID associated with the usage information; 
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treating the content as completely restricted if content ID associated with the 
usage information does not match the content ID contained in the watermark. 

68. (Original) The article of manufacture of 67 wherein the usage information includes a 
usage state record and a domain traversal flag. 

Claims 69-70 (Canceled) 

71. (Original) An article of manufacture comprising: 

a computer readable medium comprising instructions for: 
decrypting an encrypted content key with a domain key; 
decrypting an associated piece of content with the decrypted content key; and 
rendering the decrypted content. 

72. (Original) The computer readable medium of claim 71 further comprising instructions 
for: 

decrypting the encrypted content key with a private key. 
Claims 73-86 (Canceled) 

87. (Currently Amended) An article of manufacture comprising: 
a computer readable medium comprising instructions for: 
receiving a voucher from a second device; 
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computing a cryptographic hashing function over at least part of the voucher; 
decrypting an encrypted hash value stored in the voucher with a public key of the 
second device; 

comparing the computed hash value with the stored hash value^ 

wherein the voucher contains a usage state record and a domain traversal flag . 

88. (Original) The article of manufacture of claim 87 where if the computed hash value 
does not equal the stored hash value, indicating that the voucher has been tampered 
with. 



89. (Original) The article of manufacture of claim 87 where the act of indicating the 
voucher has been tampered with includes making the content unusable. 

90. (Original) An apparatus capable of protecting content comprising: 

means for receiving content at said appartus; 

means for encrypting the content with a content key; 

means for encrypting the content key with a domain key; and 

means for storing the encrypted content key and the encrypted content. 



91. (Original) An apparatus capable of protecting content comprising: 
means for receiving content at said appartus; 
means for encrypting the content with a content key; 
means for encrypting the content key with a domain key; and 
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means for storing a voucher associated with the content; 

wherein the voucher includes the encrypted content key and a usage state 
record. 

92. (Original) The apparatus of claim 91 wherein the voucher also contains a domain 
traversal flag. 

93. (Original) An apparatus for protecting content comprising: 
means for receiving content at said apparatus; 

means for receiving a usage state record associated with the content; 
means for receiving a domain traversal flag associated with the content; 
means for encrypting the content with a content key; 

means for encrypting the content key with a device key if the usage state record 
indicates that usage is not unrestricted; 

means for encrypting the content key with a domain key if the domain traversal flag 
indicates that domain traversal is forbidden; and 
means for storing a voucher associated with the content: 

wherein the voucher contains the encrypted content key, the usage state 

record, and the domain traversal flag. 

94. (Original) The apparatus of claim 93 further comprising: 

means for protecting at least part of the voucher using at least one of the 
following: 
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a cryptographic hashing function; or 
a digital signature. 

95. (Original) An apparatus capable of moving protected content within an authorized 
domain comprising: 

means for transmitting encrypted content and a voucher associated with said 
encrypted content from said apparatus to a second device in the authorized domain; 
the voucher including an encrypted content key and a usage state record; 
means for rendering any vouchers associated with said encrypted content unusable. 

96. (Original) The apparatus of claim 95 further comprising: 

means for encrypting the entire voucher. 

97. (Original) An apparatus capable of moving protected content to a target device in a 
different authorized domain comprising: 

means for checking a voucher associated with a piece of content; 

the voucher including an encrypted content key, a usage state record and a domain 

traversal flag; 

means for decrypting the encrypted content key with a device key; 

means for encrypting the decrypted content key with the public key of the target 

device; 

means for replacing the original encrypted content key with the re-encrypted content 
key; 
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means for transmitting encrypted content and the amended voucher to the target 
device; and 

means for rendering any vouchers associated with the content unusable. 

98. (Original) The apparatus claim 97 where the device key used to decrypt the 
encrypted content key is a private key of the apparatus. 

99. (Original) An apparatus for copying protected content within an authorized domain 
to a target device within said authorized domain comprising: 

means for checking a usage state record contained in a voucher associated with a 
piece of encrypted content; 

the voucher including a usage state record, and an encrypted content key; 

means for decrypting the encrypted content key with a device key; 

means for re-encrypting the decrypted content key with a public key of the target 

device; 

means for updating the usage state record ; 

means for storing the re-encrypted content key and the updated usage state record in 
re-targeted voucher; and 

means for sending the encrypted content and the re-targeted voucher to the target 
device. 

100. (Original) The apparatus of claim 99 where the device key used to decrypt the 
encrypted content key is a private key of the first device. 
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101 . (Original) The apparatus of claim 99 wherein the usage state record contains a 
budget of allowed copies and further comprising reducing the budget of allowed 
copies. 

102. (Original) An apparatus capable of copying protected content to a target device in a 
second authorized domain comprising: 

means for checking a usage state record contained in a voucher associated with a 
piece of encrypted content, wherein the voucher also includes an encrypted content 
key; 

means for decrypting the encrypted content key with a device key; 

means for re-encrypting the decrypted content key with a public key from the target 

device; 

means for updating the usage state; 

means for storing the updated usage state and the re-encrypted content key in a re- 
targeted voucher; and 

means for transmitting encrypted content and the re-targeted voucher to the target 
device. 

103. (Original) The apparatus of claim 102 where the device key used to decrypt the 
encrypted content key is a private key of the first device. 

104. (Original) The apparatus of claim 102 further comprising: 
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means for protecting at least part of the re-targeted voucher using at least one of 
the following: 

a cryptographic hashing function; or 
a digital signature. 

105. (Original) The apparatus of claim 102 wherein the usage state record contains a 
budget of allowed copies and further comprising: 

means for reducing the budget of allowed copies. 

106. (Original) An apparatus capable of identifying protected content while maintaining 
backwards compatibility comprising: 

means for receiving content; 

means for checking if content is watermarked; 

means for encrypting the content with a content key if the content is watermarked. 

107. (Original) The apparatus of claim 106 further comprising: 

means for receiving usage information and an associated content ID; 

means for checking the watermark to see if a content ID contained therein matches 

the content ID associated with the usage information; 

means for treating the content as completely restricted if content ID associated with 
the usage information does not match the content ID contained in the watermark. 

108. (Original) The apparatus of claim 107 wherein the usage information includes a 
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usage state record and a domain traversal flag. 
Claims 109-1 10 (Canceled) 

111. (Original) An apparatus for using protected content comprising: 
means for decrypting an encrypted content key with a domain key; 

means for decrypting an associated piece of content with the decrypted content key; 
and 

means for rendering the decrypted content. 

1 12. (Original) The apparatus of claim 1 1 1 further comprising: 
means for decrypting the encrypted content key with a private key. 

Claims 1 13-119 (Canceled) 

120. (Currently Amended) An apparatus capable of checking the integrity of a voucher 
comprising: 

means for receiving a voucher from a second device; 

means for computing a cryptographic hashing function over at least part of the 
voucher; 

means for decrypting an encrypted hash value stored in the voucher with a public key 
of the second device; 

means for comparing the computed hash value with the stored hash value,, 
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wherein the voucher contains a usage state record and a domain traversal flag . 

121. (Original) The apparatus of claim 120 further comprising: 
means for indicating that the voucher has been tampered with. 

122. (Original) The apparatus of claim 120 where the means for indicating the voucher 
has been tampered with includes making the content unusable. 
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